Carl Bäckström 03/08/2023, 4:55 PM
) and then bundle these up into dynamic roles. You would then be able to validate the permissions rather than the actual role of a user, allowing new roles to be added more easily. Is this something that could be accomplished with Cerbos or is this even something we would want to do with Cerbos?
Guillaume Picard 03/09/2023, 5:25 AM
```yaml
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  resource: "batching_group"
  rules:
    - actions: ['delete']
      effect: EFFECT_ALLOW
      roles: ['*']
      condition:
        match:
          expr: ("delete:batching_group" in request.aux_data.jwt.claims)
```
Carl Bäckström 03/09/2023, 9:00 AM
Charith (Cerbos) 03/09/2023, 9:24 AM
There's a write-up about this here: https://cerbos.dev/blog/context-aware-authorization-with-auth0-cerbos
```yaml
- actions: ['document:read', 'document:write']
  effect: EFFECT_ALLOW
  roles: ['document_rw']
```